Lucene search
K

6 matches found

Circl
Circl
added 2025/07/04 12:13 p.m.6 views

CVE-2024-12326

creationtimestamp| type| source ---|---|--- 2025-07-04 12:13:31+00:00| seen| Telegram/D8vZDoWCdzNN6LdFD0MfykUl2rq3VsBKqNI19RTxAMP6sSI...

6.1CVSS4.8AI score0.00235EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:28 a.m.13 views

CVE-2024-12326

Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in...

6.1CVSS5.8AI score0.0053EPSS
Exploits0References1
NVD
NVD
added 2024/12/06 9:15 p.m.32 views

CVE-2024-12326

Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in...

6.1CVSS0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/06 8:50 p.m.25 views

CVE-2024-12326 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau

Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in...

6.1CVSS0.00235EPSS
Exploits0References2
CVE
CVE
added 2024/12/06 8:50 p.m.81 views

CVE-2024-12326

Vulnerability summary (CVE-2026-1466 family): Jirafeau’s browser preview restriction for text types (excluding image/svg+xml) can be bypassed by sending a manipulated HTTP request with an invalid MIME type (e.g., image), allowing the preview engine to detect SVG/execute JavaScript. The root cause...

6.1CVSS6.1AI score0.00235EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/06 8:50 p.m.13 views

CVE-2024-12326 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau

Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in...

6.1CVSS6.1AI score0.00235EPSS
Exploits0References2
Rows per page
Query Builder